I'm using the reset password sample from the Azure AD B2C samples repository:
https://github.com/azure-ad-b2c/samples/tree/master/policies/pwd-reset-email-exists
I'm experiencing a timeout/expiry issue in the user journey - below are the reproduction steps:
- Enter user email in Forgotten password flow
- Click on Send verification code.
- The user receives the OTP but does not enter it.
- Wait for 10 minutes.
- Click on Send new code
- Wait for 15 minutes and enter the OTP.
- Click on Verify Code.
The verification succeeds, but once I click on Continue, I would expect to see the password input screen. Instead, I am simply redirected to the beginning of the user journey and forced to enter my email and go through the OTP verification again.
If I enter the OTP within minutes of receiving it, there isn't any issue. The issue only occurs after waiting for 10 and 15 minutes respectively. I am suspecting that there is some timeout or session expiration but I couldn't find anything on the documentation which addresses this.
Any help would be appreciated.
By default, the expiry time of the email verification code is 5 minutes and we cannot change or extend it.
If you need to disable the email verification system, you can refer to Disable Email verification.
Please check if a custom policy for the OTP technical profile can be created (if needed), where we can set
CodeExpirationInSeconds
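For reference, this is what the OTP technical profile with an explicit CodeExpirationInSeconds looks like in a B2C custom policy. It is an added illustration, not code from the answer above or from the pwd-reset-email-exists sample; it follows the shape of the Azure AD B2C one-time password technical profile reference, which lists CodeExpirationInSeconds with a default of 600 seconds and an allowed range of 60 to 1200. The claim type IDs (identifier, otp, verificationCode), the technical profile IDs and the 900-second value are assumptions chosen for the example; the claim types would have to be declared in the policy's ClaimsSchema, and the profiles wired into the journey's orchestration steps in place of the built-in verification control.

```xml
<!-- Added example: generate step. The values are illustrative, not the sample's own settings. -->
<TechnicalProfile Id="GenerateOtp">
  <DisplayName>Generate one time password</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.OneTimePasswordProtocolProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <Metadata>
    <Item Key="Operation">GenerateCode</Item>
    <!-- Lifetime of the generated code in seconds (documented range 60-1200, default 600). -->
    <Item Key="CodeExpirationInSeconds">900</Item>
    <Item Key="CodeLength">6</Item>
    <Item Key="CharacterSet">0-9</Item>
    <!-- Wrong-code attempts allowed per session before the code is invalidated. -->
    <Item Key="NumRetryAttempts">5</Item>
    <!-- "Send new code" clicks allowed per session. -->
    <Item Key="NumCodeGenerationAttempts">10</Item>
    <!-- false: each "Send new code" issues a fresh code and the earlier one stops working. -->
    <Item Key="ReuseSameCode">false</Item>
  </Metadata>
  <InputClaims>
    <!-- The identifier (here the e-mail) keys the OTP session; assumed claim type. -->
    <InputClaim ClaimTypeReferenceId="identifier" PartnerClaimType="identifier" />
  </InputClaims>
  <OutputClaims>
    <!-- The generated code, to be handed to the e-mail sending technical profile; assumed claim type. -->
    <OutputClaim ClaimTypeReferenceId="otp" PartnerClaimType="otpGenerated" />
  </OutputClaims>
</TechnicalProfile>

<!-- Added example: verify step, invoked from the display control's verification action. -->
<TechnicalProfile Id="VerifyOtp">
  <DisplayName>Verify one time password</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.OneTimePasswordProtocolProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <Metadata>
    <Item Key="Operation">VerifyCode</Item>
  </Metadata>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="identifier" PartnerClaimType="identifier" />
    <!-- The code typed by the user; assumed claim type. -->
    <InputClaim ClaimTypeReferenceId="verificationCode" PartnerClaimType="otpToVerify" />
  </InputClaims>
</TechnicalProfile>
```

Two caveats when testing a change like this against the reproduction steps above: CodeExpirationInSeconds only governs the code itself, so a code entered inside its lifetime can still fail if the surrounding user-journey or session state has expired, and with ReuseSameCode set to false the code delivered before "Send new code" is no longer valid, so only the latest code should be entered.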